Vulnerability Change Records for CVE-2018-4833

Change History

CVE Modified by Siemens AG 6/12/2019 10:29:00 AM

Action Type Old Value New Value
Changed Description
A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM WiMAX (V4.4 and V4.5), SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X-204RNA (All versions), SCALANCE X-300 (All versions), SCALANCE X408 (All versions), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.
A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200IRT (All versions < V5.4.1), SCALANCE X-200RNA (All versions < V3.2.6), SCALANCE X-300 (All versions), SCALANCE X408 (All versions), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.
Removed Reference
http://www.securityfocus.com/bid/104482 [Third Party Advisory, VDB Entry]

Initial Analysis 8/13/2018 3:0:16 PM

Action Type Old Value New Value
Added CPE Configuration
AND
     OR
          *cpe:2.3:o:siemens:rfid_181-eip_firmware:-:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:rfid_181-eip:-:*:*:*:*:*:*:*
Added CPE Configuration
AND
     OR
          *cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.4:*:*:*:*:*:*:*
          *cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.5:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:ruggedcom_wimax:-:*:*:*:*:*:*:*
Added CPE Configuration
AND
     OR
          *cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3
     OR
          cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*
Added CPE Configuration
AND
     OR
          *cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.4.1
     OR
          cpe:2.3:h:siemens:scalance_x200irt:-:*:*:*:*:*:*:*
Added CPE Configuration
AND
     OR
          *cpe:2.3:o:siemens:scalance_x204rna_firmware:-:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*
Added CPE Configuration
AND
     OR
          *cpe:2.3:o:siemens:scalance_x300_firmware:-:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*
Added CPE Configuration
AND
     OR
          *cpe:2.3:o:siemens:scalance_x408_firmware:-:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*
Added CPE Configuration
AND
     OR
          *cpe:2.3:o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*
Added CPE Configuration
AND
     OR
          *cpe:2.3:o:siemens:simatic_rf182c_firmware:-:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:simatic_rf182c:-:*:*:*:*:*:*:*
Added CVSS V2
(AV:A/AC:L/Au:N/C:P/I:P/A:P)
Added CVSS V3
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE
CWE-20
Changed Reference Type
http://www.securityfocus.com/bid/104482 No Types Assigned
http://www.securityfocus.com/bid/104482 Third Party Advisory, VDB Entry
Changed Reference Type
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf No Types Assigned
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf Vendor Advisory

CVE Modified by Siemens AG 6/19/2018 9:29:03 PM

Action Type Old Value New Value
Added Reference
http://www.securityfocus.com/bid/104482 [No Types Assigned]